<?php
	session_start();
	
	$configFile = ".". DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . "config.txt";
	
	require "." . DIRECTORY_SEPARATOR . "config.php";
	require "." . DIRECTORY_SEPARATOR . "dbUtil.php";
	
	Config::resetConfig($configFile);
	
	$verbindung = DbUtil::GetConnection();
	
	if(isset($_POST["username"]) &&
		isset($_POST["password"]))
	{
		$abfrage = "SELECT l.id, l.username
					FROM leo l
					JOIN leo_recht lr ON ( l.id = lr.leo_id ) 
					JOIN recht r ON ( lr.recht_id = r.id ) 
					WHERE r.text_id =  'SERVICE_LOGIN' OR r.text_id =  'VOLLZUGRIFF'
					AND l.username =  '".$_POST["username"]."'
					AND l.password =  '".$_POST["password"]."'";
						
		$ergebnis = mysql_query($abfrage);
		
		if(mysql_num_rows($ergebnis) == 1)
		{
			$row = mysql_fetch_object($ergebnis);
			
			$_SESSION["username"] = $row->username;
			$_SESSION["id"] = $row->id;
			
			DbUtil::CloseConnection($verbindung);
			
			exit;
		}
	}
	
	DbUtil::CloseConnection($verbindung);
	
	header('HTTP/1.0 403 Forbidden');
	die('You are not allowed to access this site.');  
?>